Remote data queries through a firewall

ABSTRACT

Remote instructions are received at a remote computing device from a requesting device through a firewall. The remote computing device resides in a secured data center. Access credentials are presented by the requesting device. A request is made to an assistant computing device to query a dataset in communication with the remote computing device. Encrypted access credentials and encrypted remote instructions are received from the assistant computing device. The encrypted access credentials are configured to allow the requesting computing device to access the remote computing device. The encrypted remote instructions are configured to enable the remote computing device to execute at least one of the following: at least one data query, or at least one data manipulation. The encrypted access credentials are decrypted. The encrypted remote instructions are decrypted. The remote instructions are executed to generate query results. The query results are communicated to the requesting device.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.16/508,451, filed Jul. 11, 2019, which is a continuation of U.S. patentapplication Ser. No. 15/097,577, filed Apr. 13, 2016, which claims thebenefit of U.S. Provisional Application No. 62/149,541, filed Apr. 18,2015, which are all hereby incorporated by reference in their entirety.

BACKGROUND

Data security is an important issue. There is a need to enable users tosecurely and remotely query and process data that is sitting inside asecure network.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 is an example block diagram showing a system for remotelyaccessing data on a remote secured server according to some of thevarious embodiments of the present invention.

FIG. 2 is another example block diagram showing a system for remotelyaccessing data on a remote secured server according to some of thevarious embodiments of the present invention.

FIG. 3 is another example block diagram showing a system for remotelyaccessing data on a remote secured server according to some of thevarious embodiments of the present invention.

FIG. 4 is example block diagram showing communication flow betweencomponents in a system for remotely accessing data on a remote securedserver according to some of the various embodiments of the presentinvention.

FIG. 5 is an example flow diagram illustrating remote access of secureddata from the perspective of a requesting computing device according tosome of the various embodiments of the present invention.

FIG. 6 is an example flow diagram illustrating remote access of secureddata from the perspective of an assistant computing device according tosome of the various embodiments of the present invention.

FIG. 7 is an example flow diagram illustrating remote access of secureddata from the perspective of a remote computing device according to someof the various embodiments of the present invention.

FIG. 8 illustrates an example of a suitable computing system environmenton which aspects of some embodiments may be implemented.

DETAILED DESCRIPTION OF EMBODIMENTS

Some of the various embodiments of the present invention relate toremotely accessing data on a secured server. According to some of thevarious embodiments, SaaS (Software as A Service) tools may securelyquery and process data that is sitting inside a secure network by usinga user workstation as a bridge to pass instructions to a secured dataserver and receiving the results for further processing and reporting.In this way, embodiments may provide security and scalability ofenterprise tools to the SaaS based tools. A volume data comprising thedata may remain in the host environment and processing of data done onthe host environment. This may enable higher security of data. Since theprocessing occurs on the host environment, the latency of data may below. Scalability may be increased since the SaaS data tools do not needthe same storage and computing capacity as the host environment. Thismay allow some of the various embodiments to provide high service levelsto the end user.

Some of the various embodiments may enable businesses to leverage newtechnologies and solutions that are owned and operated by third partiesto work directly with their enterprise data in a secure fashion and thewithout the need to install these applications in their own network orby providing direct access to data to these applications.

FIG. 1 is an example block diagram showing a system 100 for remotelyaccessing data 145 on a remote secured server 140 according to some ofthe various embodiments of the present invention. As illustrated in thisexample system, an assistant computing device 100 assists a requestingcomputing device 120 to access a data set 145 via a remote computingdevice 140 over a network 160. In this alternative embodiment,requesting computing device 120 and assistant computing device 110 mayreside outside of physically secured data center 150. Remote computingdevice 140 may reside inside physically secured data center 150.Assistant computing device 110 may communicate to requesting computingdevice 120 through network 160 via communication links 122 and 112.Assistant computing device 110 may communicate to remote computingdevice 140 through network 160 and firewall 130 via communication links112, 132 and 152. Requesting computing device may communicate to remotecomputing device 140 through network 160 and firewall 130 viacommunication links 122, 132 and 152.

The remote computing device 140 may comprise a computing device such as,but not limited to: a personal computing device (PC, tablet or phone), adistributed computing device (e.g. a server) that comprises the datawhich the requester is trying to query and analyze, a combinationthereof, and/or the like. According to some of the various embodiments,the remote computing device 140 could be the same as the requestingcomputing device 120 (when the dataset 145 is located on the samedevice) but more often than not, the remote computing device 140 andrequesting computing device 120 are separate devices. The remotecomputing device may serve data remotely by receiving and processingqueries received. (An example of a typical query format is SequentialQuery Language (SQL)).

According to some of the various embodiments, the remote computingdevice 140 may reside in a physically secured data center 150. The term“data center,” as applied herein may to specially designed computerrooms. A data center may comprise a facility used to house computersystems and associated components, such as telecommunications andstorage systems. Data center(s) generally includes redundant or backuppower supplies, redundant data communications connections, environmentalcontrols (e.g., air conditioning, fire suppression) and various securitydevices. Communications in data centers may be based on networksrunning, for example, an IP protocol suite. Data centers may comprise aset of routers and switches that transport traffic between the serversand to the outside world. Redundancy of the Internet connection may beprovided by using two or more upstream service providers. Some of theservers at the data center may be employed for running the basicInternet and intranet services needed by internal users in theorganization, e.g., e-mail servers, proxy servers, and DNS servers.Network security elements may also be deployed. Examples of networksecurity elements may comprise, but are not limited to: firewalls, VPNgateways, intrusion detection systems, combinations thereof, and/or thelike. Also common are monitoring systems for the network and some of theapplications. Additional off site monitoring systems are also typical,in case of a failure of communications inside the data center.

The data center 150 may be secured. For example, physical access to thesite may be restricted to selected personnel, with controls such as, forexample, a layered security system. A layered security system maycomprise elements such as fencing, bollards and mantraps. Video camerasurveillance and permanent security guards may be present.

A mantrap, may comprise a physical security access control systemcomprising a small space with two sets of interlocking doors, such thatthe first set of doors must close before the second set opens. In amanual mantrap, a guard may lock and unlock each door in sequence. Anintercom and/or video camera may be employed to allow the guard tocontrol the trap from a remote location. In an automatic mantrap,identification may be required for each door, sometimes even possiblydifferent measures for each door. For example, a key may open the firstdoor, but a personal identification number entered on a number pad opensthe second. Other methods of opening doors include proximity cards orbiometric devices such as fingerprint readers, facial recognitionsystems, iris recognition scans, combinations thereof, and/or the like.Metal detectors may be built in, in order to prevent entrance of peoplecarrying weapons.

According to some of the various embodiments, the physically secure datacenter 150 may comprise a physical facility that is owned or leased. Thephysically secure data center 150 may house the remote computing device140 and/or the dataset 145 being accessed. The physical facility couldbe the same location where the requesting computing device 120 islocated or could be located in a different place. The dataset 145 may belocated in remote computing device 140 and be accessible by therequesting computing device 120 using access credentials. The accesscredentials may according to some embodiments, be optional.

According to some of the various embodiments, the remote computingdevice 140 may be in communication with a data set 145. A data set 145(or data set145) may comprise a collection of data. The collection ofdata may correspond to contents of database(s). Examples of databasescomprise, but are not limited to: a relational database data set; (e.g.Oracle, DB2, Access); a non-relational database data set; (e.g. NOSQL);a web service query responsive data set; (e.g. SalesForce.com); anapplication specific query responsive data set; (e.g. SAP); acomma-separated-values (CSV) data set; a spreadsheet data set; (e.g.Microsoft Excel); a plain text data set; hierarchical formatdatabase(s); propriety format(s) (example Microsoft Excel); combinationsthereof, and/or the like. According to some embodiments, a data set 145may correspond to the contents of a statistical data matrix. The dataset 145 may comprise value(s) for variable(s). Each value may bereferred to as a datum. The data set 145 may comprise data for one ormore members. According to some of the various embodiments, the termdata set 145 may refer to the data in a collection of closely relatedtables, corresponding to a particular experiment or event. The data set145 may be located, for example, on a network accessible drive, withinthe remote computing device 140, or other location with communication ofthe remote computing device 140.

The remote computing device by its definition can serve the dataremotely by receiving and processing queries received. (example oftypical query format is Sequential Query Language (SQL))

The data set 145 may be stored on a data storage device. A data storagedevice may comprise a device for recording and/or storing information(data). Examples of data storage devices comprise, but are not limitedto: tangible storage mediums, Read-only memory, Random Access memories,flash drives, disk drives, network accessible drives, magnetic tape,optical drives, combinations thereof, and/or the like.

According to some of the various embodiments, the remote computingdevice 140 may be configured to communicate with an external networkthrough a firewall. A firewall may comprise a network security systemthat controls incoming and outgoing network traffic based on an appliedrule set. A firewall may establish a barrier between a trusted, secureinternal network and another network (e.g., the Internet) that isassumed not to be secure and trusted. Firewalls may exist both assoftware to run on general purpose hardware and as a hardware appliance.Many firewalls may also offer other functionality to the internalnetwork they protect, such as acting as a DHCP server for that network.Some firewalls may be implemented as software in combination withhardware and/or virtual. According to some of the various embodiments,the firewall may comprise a routing function abilities that pass databetween networks and components.

A security Appliance may comprise a network security system thatcontrols the incoming and outgoing network traffic based on an appliedrule set. The appliance may establish a barrier between a trusted,secure internal network and another network (e.g., the Internet) that isassumed not to be secure and trusted. The security appliance may existas a hardware appliance, software appliance or software program. Anexample of security appliance is a firewall.

Requesting computing device 120 may comprise a computing deviceconfigured to initiate a request such as, but not limited to: a personalcomputing device (e.g. PC, Tablet, and Phone), a distributed computingdevice (server), combinations thereof, and/or the like. The first stepin the flow of information may be initiated by the requesting computingdevice 120. During the time of this request, the requesting computingdevice 120 may be located within a company's internal network or haveaccess to a company's network (For example, over a virtual privatenetwork (VPN)).

According to some of the various embodiments, a request may be initiatedon a requesting computing device 120 by a requester. A requester may,for example without limitation, comprise a human user or a machineprogram that initiates the request for information. A human user mayinitiate a request when he or she needs the information. The machineprogram may comprise, for example, a monitoring program that may beconfigures to initiate a request for information based on the occurrenceof an event. The event could, for example, be the passage of time orcould be a trigger event that occurs. For example, a trigger event couldbe the arrival of a new data file or completion of a batch schedule.

According to some of the various embodiments, a request may employ, forexample without limitation, hypertext transfer protocol. (HTTP orHTTPS). The request may, for example, be specifically related to datathat exists on the remote computing device 140. The request may beconfigured, for example, to query data (read-only), manipulate data.(write), combinations thereof, and/or the like. Examples of requests maycomprise without limitation: 1) run an audit on a date of birth field ofa people dataset; 2) profile columns of a people dataset; 3) if the dateof birth format is mm-dd-yyyy, then convert to mm/dd/yyyy; 4) retrievesales by quarter; combinations thereof, and/or the like.

According to some of the various embodiments, a requesting computingdevice 120 may be configured to employ credentials to communicate remoteinstructions to the remote computing device 140 over an external network160 and through firewall 130. Credentials may comprise, for exampleaccess credentials. Access credentials may comprise a set of informationrequired to connect and query the remote computing device 140. Theinformation may comprise, for example, one or more of remote serveraddress(es), port number(s), database or application instance name(s),database schema name(s), login(s), password(s), file path name(s),combinations thereof, and/or the like.

According to some of the various embodiments, a requesting computingdevice 120 may be configured to receive query results from the remotecomputing device 140. The query results may be generated by the remotecomputing device 140 executing remote instructions. Query Results maycomprise data received back from the remote computing device 140 as aresult of processing query instruction(s). Data received back maycomprise, for example, a single value, a result set which consists of aset of rows from a database, metadata comprising the name of the columnof data, combinations thereof, and/or the like. For data manipulationqueries, the result returned may comprise, for example, metadatarepresenting the success or failure of an operation. For example, theresult returned may comprise a number of rows updated.

The requesting computing device 120 may be configured to convert thequery results into a Flexible Data Representation (FDR) format. AFlexible Data Representation (FDR) may comprise a language independentformat that employs human-readable text to transmit data objects asattribute-value pairs. An FDR may be employed to transmit query resultsbetween requesting computing device(s) 120 and assistant computingdevice(s) 110. The format may enables transmitting data in abyte-optimized format configured to support attributes or columns ofdata and various number of records.

According to some of the various embodiments, an assistant computingdevice 110 may be a distributed computing device configured to handlerequests from requesting computing device(s), process and analyze therequest(s), co-ordinate the flow of information; provide answers to arequester, combinations thereof, and/or the like. Assistant computingdevice 110 may comprise a server, a personal computer, an embeddedsystem, combinations thereof, and/or the like.

According to some of the various embodiments, an assistant computingdevice 110 may be configured to receive a request from the requestingcomputing device 120 to query the data set 145. The request may beconfigured to identify the remote computing device 140. The assistantcomputing device 110 may be configured to communicate with therequesting computing device 120 via various mechanisms such as, but notlimited to: an external network (e.g. Internet), an internal network, awide area network WAN, a Local Area Network LAN, a virtual privatenetwork (VPN), a combination thereof, and/or the like.

According to some of the various embodiments, the assistant computingdevice 110 may be configured to identify the access credentialrequirements to allow the requesting computing device 120 to access theremote computing device 140.

According to some of the various embodiments, the assistant computingdevice 110 may be configured to generate access credentials, employingat least in part, the access credential requirements.

According to some of the various embodiments, the assistant computingdevice 110 may be configured to identify remote processing requirementsfor the remote computing device 150 to access the data set 145identified in the request. The assistant computing device 110 may befurther configured to generate remote processing instructions, employingat least in part, the remote processing requirements, the remoteprocessing instructions may be configured to be executable by the remotecomputing device to satisfy the request; (few flow diagrams may beuseful). Remote processing instructions may comprise data processinginstruction set(s) specific to the data source in the remote computingdevice 140 that may be employed to process and retrieve data 145.Example of instructions in the data processing instruction may comprise,for example, retrieving data (e.g. querying and selecting), manipulatingdata (e.g. writing data like Add, Delete, and Update), combinationsthereof, and/or the like. Example of a remote instruction maycomprise: 1) for a direct database query: SELECT COUNT(*) FROMEMPLOYEES; 2) for an SAP application: Call Function Module Z_ABC andsend parameters; 3) for a web application: Call Web Service MethodgetEmployees passing the filter criteria; and/or the like.

According to some of the various embodiments, the assistant computingdevice 110 may be configured to encrypt the access credentials togenerate encrypted access credentials. Similarly, the assistantcomputing device 110 may be configured to encrypt the remote processinginstructions to generate encrypted remote processing instructions.Encryption may convert the access credentials and/or remote processinginstructions into non-readable text by applying a cryptographicalgorithm. Examples of crypto algorithm are RSA, SHA-1, SHA-2 with 64,128 or 256 bits of encryption.

A cipher may be employed to perform encryption and decryption. A ciphermay comprise a pair of algorithms that create the encryption and thereversing decryption. Ciphers may be categorized as symmetric keyalgorithms and asymmetric key algorithms. Examples of ciphers comprise,but are not limited to: AES_128 (a private key algorithm) and ECDHE_RSA(a public key algorithm).

According to some of the various embodiments, the assistant computingdevice 110 may be configured to employ the encrypted access credentialsto electronically communicate the encrypted remote processinginstructions to the requesting computing device. The encrypted accesscredentials may be configured to include at least one of the following:remote login instructions; remote computing device information name;remote computing device login password; remote computing device portnumber; remote computing device data store name; remote computing devicelogin name; physically secured data center information name; physicallysecured data center access password; physically secured data center portnumber; physically secured data center login name; a cryptographic key,a combination thereof, and/or the like.

According to some of the various embodiments, the assistant computingdevice 110 may be configured to receive at least one set of encryptedresults from the requesting computing device. According to some of thevarious embodiments, the assistant computing device 110 may beconfigured to decrypt the encrypted results to obtain results.

According to some of the various embodiments, the assistant computingdevice 110 may be configured to generate a report of results.

The report may comprise a presentation of quantitative and qualitativeinformation to a user based on factual data, interpreted data, userinput, combinations thereof, and/or the like. For example, a report onthe result of a data quality audit to validate date of birth inmm/dd/yyyy format could comprise: quantitative information like totalnumber of records processed, total number of records failing the auditand the detailed records themselves; qualitative information likewhether the audit passed the audit threshold, trend information based onreconciling data with history, any system generated or user inputcomments; combinations thereof, and/or the like.

The report may further comprise additional information, the additionalinformation comprising at least one of the following: logic; trendinginformation; template information; intelligence information; benchmarkinformation; data quality information; decision support information;data analysis information; combinations thereof, and/or the like.Additionally, the report may be configured to be accessed via a browser.According to some of the various embodiments, the assistant computingdevice 110 may be configured to communicate the report to the requestingcomputing device through network 160 via communication links 112 and122.

FIG. 2 is another example block diagram showing a system 200 forremotely accessing data from a dataset 245 on a remote secured server240 according to some of the various embodiments of the presentinvention. This alternative embodiment illustrates assistant computingdevice 210 communicating with requesting computing device 220 via link212 outside of network 260. Example embodiments of the invention asillustrated in FIG. 2 are described with reference to the accompanyingdrawings, wherein like parts are designated by like reference numeralsto FIG. 1 throughout. So for example, the decryption with respect toremote computing device 140 may also be applicable to remote computingdevice 240.

The remote computing device 240 may comprise a computing device such as,but not limited to: a personal computing device (PC, tablet or phone), adistributed computing device (e.g. a server) that comprises the datawhich the requester is trying to query and analyze, a combinationthereof, and/or the like. According to some of the various embodiments,the remote computing device may serve data remotely by receiving andprocessing received queries. (An example of a typical query format isSequential Query Language (SQL)).

According to some of the various embodiments, the remote computingdevice 240 may reside in a physically secured data center 250. Accordingto some of the various embodiments, the physically secure data center250 may comprise a physical facility that is owned or leased. Thephysically secure data center 250 may house the remote computing device240 and/or the dataset 245 being accessed. The physical facility couldbe the same location where the requesting computing device 220 islocated or could be located in a different place. The dataset 245 may belocated in remote computing device 240 and be accessible by therequesting computing device 220 using access credentials. The accesscredentials may according to some embodiments, be optional.

According to some of the various embodiments, the remote computingdevice 240 may be in communication with a data set 245. A data set 245(or data set 245) may comprise a collection of data. The collection ofdata may correspond to contents of database(s). The remote computingdevice may be configured to serve data remotely by receiving andprocessing received queries.

The data set 245 may be stored on a data storage device. According tosome of the various embodiments, the remote computing device 240 may beconfigured to communicate with an external network 260 through afirewall 230 via communication links 252 and 232.

Requesting computing device 220 may comprise a computing deviceconfigured to initiate a request such as, but not limited to: a personalcomputing device (e.g. PC, Tablet, and Phone), a distributed computingdevice (server), combinations thereof, and/or the like. The flow ofinformation may be initiated by the requesting computing device 220. Asillustrated, requesting computing device is outside the physicallysecured data center 250 and may communicate to the physically secureddata center 250 via links 222, 232 and 252 through network 260 andfirewall 230.

According to some of the various embodiments, a request may be initiatedon a requesting computing device 220 by a requester. According to someof the various embodiments, a requesting computing device 220 may beconfigured to employ credentials to communicate remote instructions tothe remote computing device 240 over an external network 260 and throughfirewall 230 via communication links 222, 232, and 252. Credentials maycomprise, for example access credentials. Access credentials maycomprise a set of information required to connect and query the remotecomputing device 240.

According to some of the various embodiments, a requesting computingdevice 220 may be configured to receive query results from the remotecomputing device 240. The query results may be generated by the remotecomputing device 240 executing remote instructions. Query Results maycomprise data received back from the remote computing device 240 as aresult of processing query instruction(s).

The requesting computing device 220 may be configured to convert thequery results into a Flexible Data Representation (FDR) format. An FDRmay be employed to transmit query results between requesting computingdevice(s) 220 and assistant computing device(s) 210 via communicationslink 212.

According to some of the various embodiments, assistant computing device210 may be a distributed computing device configured to handle requestsfrom requesting computing device(s), process and analyze the request(s),co-ordinate the flow of information; provide answers to a requester,combinations thereof, and/or the like. Assistant computing device 210may comprise a server, a personal computer, an embedded system,combinations thereof, and/or the like.

According to some of the various embodiments, an assistant computingdevice 210 may be configured to receive a request from the requestingcomputing device 220 via communications link 212 to query the data set245. The request may be configured to identify the remote computingdevice 240. The assistant computing device 210 may be configured tocommunicate with the requesting computing device 220 via variousmechanisms such as, but not limited to: an external network (e.g.Internet), an internal network, a wide area network WAN, a Local AreaNetwork LAN, a virtual private network (VPN), a combination thereof,and/or the like.

According to some of the various embodiments, the assistant computingdevice 210 may be configured to identify the access credentialrequirements to allow the requesting computing device 220 to access theremote computing device 240. According to some of the variousembodiments, the assistant computing device 210 may be configured togenerate access credentials, employing at least in part, the accesscredential requirements.

According to some of the various embodiments, the assistant computingdevice 210 may be configured to identify remote processing requirementsfor the remote computing device 250 to access the data set 245identified in the request. The assistant computing device 210 may befurther configured to generate remote processing instructions, employingat least in part, the remote processing requirements, the remoteprocessing instructions may be configured to be executable by the remotecomputing device to satisfy the request; (few flow diagrams may beuseful). Remote processing instructions may comprise data processinginstruction set(s) specific to the data source in the remote computingdevice 240 that are employed to process and retrieve data 245.

According to some of the various embodiments, the assistant computingdevice 210 may be configured to encrypt the access credentials togenerate encrypted access credentials. Similarly, the assistantcomputing device 210 may be configured to encrypt the remote processinginstructions to generate encrypted remote processing instructions.

According to some of the various embodiments, the assistant computingdevice 210 may be configured to employ the encrypted access credentialsto electronically communicate the encrypted remote processinginstructions to the requesting computing device. According to some ofthe various embodiments, the assistant computing device 210 may beconfigured to receive at least one set of encrypted results from therequesting computing device. According to some of the variousembodiments, the assistant computing device 210 may be configured todecrypt the encrypted results to obtain results. According to some ofthe various embodiments, the assistant computing device 210 may beconfigured to generate a report of results. According to some of thevarious embodiments, the assistant computing device 210 may beconfigured to communicate the report to the requesting computing device220 via link 212.

FIG. 3 is another example block diagram showing a system 300 forremotely accessing data from a dataset 345 on a remote secured server340 according to some of the various embodiments of the presentinvention. In this alternative embodiment, requesting computing device320 and remote computing device 340 may reside inside physically secureddata center 350. Assistant computing device 310 may reside outside ofphysically secured data center 350. Assistant computing device 310 maycommunicate to requesting computing device 320 through network 360 viacommunication links 322 and 312. Assistant computing device 310 maycommunicate to remote computing device 340 through network 360 andfirewall 330 via communication links 312, 332 and 352. Requestingcomputing device may communicate to remote computing device 340 throughnetwork 360 and firewall 330 via communication links 322, 332 and 352.Example embodiments of the invention as illustrated in FIG. 3 aredescribed with reference to the accompanying drawings, wherein likeparts are designated by like reference numerals to FIG. 1 and FIG. 2throughout. So for example, the decryption with respect to remotecomputing device 140 may also be applicable to remote computing device340.

The remote computing device 340 may comprise a computing device such as,but not limited to: a personal computing device (PC, tablet or phone), adistributed computing device (e.g. a server) that comprises the datawhich the requester is trying to query and analyze, a combinationthereof, and/or the like. According to some of the various embodiments,the remote computing device 340 could be the same as the requestingcomputing device 320 (when the dataset 345 is located on the samedevice) but more often than not, the remote computing device 340 andrequesting computing device 320 may be separate devices. The remotecomputing device may serve data remotely by receiving and processingqueries received. (An example of a typical query format is SequentialQuery Language (SQL)).

According to some of the various embodiments, the remote computingdevice 340 may reside in a physically secured data center 350. Accordingto some of the various embodiments, the physically secure data center350 may comprise a physical facility that is owned or leased. Thephysically secure data center 350 may house the remote computing device340 and/or the dataset 345 being accessed. The physical facility couldbe the same location where the requesting computing device 320 islocated or could be located in a different place. The dataset 345 may belocated in remote computing device 340 and be accessible by therequesting computing device 320 using access credentials. The accesscredentials may according to some embodiments, be optional.

According to some of the various embodiments, the remote computingdevice 340 may be in communication with a data set 345. A data set 345(or data set 345) may comprise a collection of data. The collection ofdata may correspond to contents of database(s). The remote computingdevice may be configured to serve data remotely by receiving andprocessing received queries. The data set 345 may be stored on a datastorage device. According to some of the various embodiments, the remotecomputing device 340 may be configured to communicate with an externalnetwork 360 through a firewall 330 via communication links 352 and 332.

Requesting computing device 320 may comprise a computing deviceconfigured to initiate a request such as, but not limited to: a personalcomputing device (e.g. PC, Tablet, and Phone), a distributed computingdevice (server), combinations thereof, and/or the like. The flow ofinformation may be initiated by the requesting computing device 320. Asillustrated, requesting computing device is physically located insidethe physically secured data center 350 and may communicate to the remotecomputing device 340 via network 360 over communications link 322, andthrough firewall 330 via communications links 332 and 352.

According to some of the various embodiments, a request may be initiatedon a requesting computing device 320 by a requester. According to someof the various embodiments, a requesting computing device 320 may beconfigured to employ credentials to communicate remote instructions tothe remote computing device 340 over an external network 360 and throughfirewall 330 via communication links 322, 332, and 352. Credentials maycomprise, for example access credentials. Access credentials maycomprise a set of information required to connect and query the remotecomputing device 340.

According to some of the various embodiments, a requesting computingdevice 320 may be configured to receive query results from the remotecomputing device 340. The query results may be generated by the remotecomputing device 340 executing remote instructions. Query Results maycomprise data received back from the remote computing device 340 as aresult of processing query instruction(s).

The requesting computing device 320 may be configured to convert thequery results into a Flexible Data Representation (FDR) format. An FDRmay be employed to transmit query results between requesting computingdevice(s) 320 and assistant computing device(s) 310 via communicationslink 312.

According to some of the various embodiments, assistant computing device310 may be a distributed computing device configured to handle requestsfrom requesting computing device(s), process and analyze the request(s),co-ordinate the flow of information; provide answers to a requester,combinations thereof, and/or the like. Assistant computing device 310may comprise a server, a personal computer, an embedded system,combinations thereof, and/or the like.

According to some of the various embodiments, an assistant computingdevice 310 may be configured to receive a request from the requestingcomputing device 320 via communications link 312 to query the data set345. The request may be configured to identify the remote computingdevice 340. The assistant computing device 310 may be configured tocommunicate with the requesting computing device 320 via variousmechanisms such as, but not limited to: an external network (e.g.Internet), an internal network, a wide area network WAN, a Local AreaNetwork LAN, a virtual private network (VPN), a combination thereof,and/or the like.

According to some of the various embodiments, the assistant computingdevice 310 may be configured to identify the access credentialrequirements to allow the requesting computing device 320 to access theremote computing device 340. According to some of the variousembodiments, the assistant computing device 310 may be configured togenerate access credentials, employing at least in part, the accesscredential requirements.

According to some of the various embodiments, the assistant computingdevice 310 may be configured to identify remote processing requirementsfor the remote computing device 350 to access the data set 345identified in the request. The assistant computing device 310 may befurther configured to generate remote processing instructions, employingat least in part, the remote processing requirements, the remoteprocessing instructions may be configured to be executable by the remotecomputing device to satisfy the request; (few flow diagrams may beuseful). Remote processing instructions may comprise data processinginstruction set(s) specific to the data source in the remote computingdevice 340 that are employed to process and retrieve data 345.

According to some of the various embodiments, the assistant computingdevice 310 may be configured to encrypt the access credentials togenerate encrypted access credentials. Similarly, the assistantcomputing device 310 may be configured to encrypt the remote processinginstructions to generate encrypted remote processing instructions.

According to some of the various embodiments, the assistant computingdevice 310 may be configured to employ the encrypted access credentialsto electronically communicate the encrypted remote processinginstructions to the requesting computing device. According to some ofthe various embodiments, the assistant computing device 310 may beconfigured to receive at least one set of encrypted results from therequesting computing device. According to some of the variousembodiments, the assistant computing device 310 may be configured todecrypt the encrypted results to obtain results. According to some ofthe various embodiments, the assistant computing device 310 may beconfigured to generate a report of results. According to some of thevarious embodiments, the assistant computing device 310 may beconfigured to communicate the report to the requesting computing device320 through network 360 via links 312 and 322.

FIG. 4 is example block diagram showing communication flow betweencomponents in a system 400 for remotely accessing data 445 on a remotesecured server 440 according to some of the various embodiments of thepresent invention.

According to some of the various embodiments, a request 450 may be madeby a requesting computing device 420 to an assistant computing device410 to query a dataset 445 in communication with a remote computingdevice 440. The remote computing device 440 may reside in a physicallysecured data center and may not be directly accessible to the assistantcomputing device 410.

According to some of the various embodiments, the assistant computingdevice 410 may identify access credential requirements to allow therequesting computing device 420 to access the remote computing device440 identified in the request 450. According to some of the variousembodiments, the assistant computing device 410 may identify remoteprocessing requirements for the remote computing device 440 to accessthe dataset 445 identified in the request 450. According to some of thevarious embodiments, the assistant computing device 410 may generateaccess credentials, employing at least in part, the access credentialrequirements. According to some of the various embodiments, theassistant computing device 410 may generate remote processinginstructions, employing at least in part, the remote processingrequirements. The remote processing instructions may be configured to beexecutable by the remote computing device 440 to satisfy the request450. According to some of the various embodiments, the assistantcomputing device 410 may encrypt the access credentials to generateencrypted access credentials 460. According to some of the variousembodiments, the assistant computing device 410 may encrypt the remoteprocessing instructions to generate encrypted remote processinginstructions 470.

According to some of the various embodiments, the assistant computingdevice 410 may communicate the encrypted access credentials 460 to therequesting computing device 420. According to some of the variousembodiments, the assistant computing device 410 may communicate theencrypted remote processing instructions 470 to the requesting computingdevice 420. The encrypted access credentials 460 may be configured toallow the requesting computing device 420 to access the remote computingdevice 440. The encrypted remote instructions 470 may comprise remoteinstructions configured to enable the remote computing device 440 toexecute at least one of the following: at least one data query; and atleast one data manipulation.

According to some of the various embodiments, the requesting computingdevice 420 may decrypt the encrypted access credentials 460 to obtainaccess credentials 465. According to some of the various embodiments,requesting computing device 420 may decrypt the encrypted remoteinstructions 470 to obtain remote instructions 475. The remote computingdevice 440 may be behind a firewall 430. According to some of thevarious embodiments, requesting computing device 420 may access theremote computing device 440 using the access credentials 465. Accordingto some of the various embodiments, requesting computing device 420 maycommunicate the remote instructions 475 to the remote computing device440.

According to some of the various embodiments, the remote computingdevice 440 may reside in a physically secured data center and not bedirectly accessible to the assistant computing device 410. According tosome of the various embodiments, the remote computing device 440 mayreceive the remote instructions 475. The remote instructions maycomprise remote instructions configured to enable the remote computingdevice 440 to execute at least one of the following: (1) at least onedata query; and (2) at least one data manipulation. According to some ofthe various embodiments, the remote computing device 440 may execute theremote instructions 475 to generate query results 480. According to someof the various embodiments, the remote computing device 440 maycommunicate the query results 480 to the requesting device 420. At leastpart of the query results may be configured to be employable by theassistant computing device 410 to generate a report 490.

According to some of the various embodiments, the requesting computingdevice 420 may receive the query results. According to some of thevarious embodiments, the requesting computing device 420 may convert thequery results 480 into a flexible data representation 485 of the queryresults 480. The conversion may involve encrypting the query results480. According to some of the various embodiments, the requestingcomputing device 420 may communicate the flexible data representation485 to the assistant computing device 410.

According to some of the various embodiments, the assistant computingdevice 410 may receive the flexible data representation 485 from therequesting computing device 420. According to some of the variousembodiments, the assistant computing device 410 may process the flexibledata representation 485 to obtain the query results 480. The processingmay involve decrypting flexible data representation 485. According tosome of the various embodiments, the assistant computing device 410 maygenerating a report of results 490 employing at least part of the queryresults 480. According to some of the various embodiments, the assistantcomputing device 410 may communicate the report 490 to the requestingcomputing device 420.

FIGS. 5, 6 and 7 are example flow diagrams that together illustrateembodiments where a requesting computing device may access secured datafrom a remote computing device employing the assistance of an assistantcomputing device. Specifically, FIG. 5 illustrates remote access ofsecured data from the perspective of a requesting computing device, FIG.6 illustrates remote access of secured data from the perspective of anassistant computing device, and FIG. 7 illustrates remote access ofsecured data from the perspective of a remote computing device.Additionally, FIGS. 5, 6 and 7 are to be interpreted with respect to thedescriptions of various embodiments above of the requesting computingdevice, remote computing device, the assistant computing device, andtheir interconnections.

FIG. 5 is an example flow diagram illustrating remote access of secureddata from the perspective of a requesting computing device according tosome of the various embodiments of the present invention.

According to some of the various embodiments, a request may be made froma requesting computing device to an assistant computing device to querya dataset in communication with a remote computing device at 510. Theremote computing device may reside in a physically secured data center.The remote computing device may not be directly accessible to theassistant computing device.

According to some of the various embodiments, encrypted accesscredentials and encrypted remote instructions may be received at therequesting computing device from the assistant computing device at 515.The encrypted access credentials may be configured to allow therequesting computing device to access the remote computing device. Theencrypted remote instructions may comprise remote instructionsconfigured to enable the remote computing device to execute at least oneof the following: at least one data query; and at least one datamanipulation.

According to some of the various embodiments, the encrypted accesscredentials may be decrypted by the requesting computing device toobtain access credentials at 520. Similarly, the encrypted remoteinstructions may be decrypted at the requesting computing device toobtain remote instructions at 525.

According to some of the various embodiments, the requesting computingdevice may access the remote computing device using the accesscredentials at 530. The remote instructions may be communicated from therequesting computing device to the remote computing device at 535. Queryresults may be generated by the remote computing device executing theremote instructions.

According to some of the various embodiments, query results from theremote computing device may be received at the requesting computingdevice at 540. The requesting computing device may generate encryptedquery results by encrypting the query results at 545. The encryptedquery results may be communicated from the requesting computing deviceto the assistant computing device at 550. At 555, the requestingcomputing device may receive a report from the assistant computingdevice. The report may comprise, at least in part, a decrypted versionof at least a part of the encrypted query results.

FIG. 6 is an example flow diagram illustrating remote access of secureddata from the perspective of an assistant computing device according tosome of the various embodiments of the present invention.

According to some of the various embodiments, a request may be receivingat an assistant computing device over a network from a requestingcomputing device to query a dataset located on a remote computing deviceat 610. The remote computing device may reside in a physically secureddata center. The remote computing device may not be directly accessibleto the assistant computing device.

According to some of the various embodiments, access credentialrequirements may be identified to allow the requesting computing deviceto access the remote computing device identified in the request at 615.Similarly, remote processing requirements may be identified for theremote computing device to access the dataset identified in the requestat 620.

According to some of the various embodiments, access credentials may begenerated at 625 employing at least in part, the access credentialrequirements. Similarly, remote processing instructions may be generatedat 630 employing at least in part, the remote processing requirements.The remote processing instructions may be configured to be executable bythe remote computing device to satisfy the request.

According to some of the various embodiments, the access credentials maybe encrypted at 635 to generate encrypted access credentials. Similarly,the remote processing instructions may be encrypted at 640 to generateencrypted remote processing instructions.

According to some of the various embodiment, the encrypted accesscredentials may be communicated to the requesting computing device at640. Similarly, the encrypted remote processing instructions may becommunicated to the requesting computing device at 645.

According to some of the various embodiments, at least one set ofencrypted results may be received the requesting computing device at650. The encrypted results may be decrypted at 655 to obtain theresults. A report of the results may be generated at 660. The report maybe communicated to the requesting computing device at 665.

FIG. 7 is an example flow diagram illustrating remote access of secureddata from the perspective of a remote computing device according to someof the various embodiments of the present invention.

According to some of the various embodiments, remote instructions may bereceived at a remote computing device from a requesting device through afirewall at 710. The remote computing device may reside in a physicallysecured data center and not be directly accessible to an assistantcomputing device. The receiving may be accomplished, at least in part,employing access credentials presented by the requesting device. Theencrypted access credentials may be configured to allow the requestingcomputing device to access the remote computing device. The encryptedremote instructions may comprise remote instructions configured toenable the remote computing device to execute at least one of thefollowing: at least one data query; and at least one data manipulation.

According to some of the various embodiments, the remote instructionsand access credentials may have been formed by the requesting device asfollows. The requesting device may have made a request to the assistantcomputing device to query a dataset in communication with the remotecomputing device. The requesting device may have received encryptedaccess credentials and encrypted remote instructions from the assistantcomputing device. The requesting device may have decrypted the encryptedaccess credentials to obtain access credentials. Similarly, therequesting device may have decrypted the encrypted remote instructionsto obtain remote instructions.

According to some of the various embodiments, remote computing devicemay execute the remote instructions to generate query results at 720.The query results may be communicated to the requesting device at 730.At least part of the query results may be configured to be employable bythe assistant computing device to generate a report.

FIG. 8 illustrates an example of a suitable computing system environment800 on which aspects of some embodiments may be implemented. Thecomputing system environment 800 is only one example of a suitablecomputing environment and is not intended to suggest any limitation asto the scope of use or functionality of the claimed subject matter.Neither should the computing environment 800 be interpreted as havingany dependency or requirement relating to any one or combination ofcomponents illustrated in the exemplary operating environment 800.

Embodiments are operational with numerous other general purpose orspecial purpose computing system environments or configurations.Examples of well-known computing systems, environments, and/orconfigurations that may be suitable for use with various embodimentsinclude, but are not limited to, embedded computing systems, personalcomputers, server computers, hand-held or laptop devices, multiprocessorsystems, microprocessor-based systems, set top boxes, programmableconsumer electronics, network PCs, minicomputers, mainframe computers,cloud services, telephony systems, distributed computing environmentsthat include any of the above systems or devices, and the like.

Embodiments may be described in the general context ofcomputer-executable instructions, such as program modules, beingexecuted by computing capable devices. Generally, program modulesinclude routines, programs, objects, components, data structures, etc.that perform particular tasks or implement particular abstract datatypes. Some embodiments may be designed to be practiced in distributedcomputing environments where tasks may be performed by remote processingdevices that are linked through a communications network. In adistributed computing environment, program modules may be located inboth local and remote computer storage media including memory storagedevices.

With reference to FIG. 8 , an example system for implementing someembodiments includes a computing device 810. Components of computer 810may include, but are not limited to, a processing unit 820, a systemmemory 830, and a system bus 821 that couples various system componentsincluding the system memory to the processing unit 820.

Computer 810 typically includes a variety of computer readable media.Computer readable media can be any available media that can be accessedby computer 810 and includes both volatile and nonvolatile media, andremovable and non-removable media. By way of example, and notlimitation, computer readable media may comprise computer storage mediaand communication media. Computer storage media includes both volatileand nonvolatile, and removable and non-removable media implemented inany method or technology for storage of information such as computerreadable instructions, data structures, program modules or other data.Computer storage media includes, but is not limited to, random accessmemory (RAM), read-only memory (ROM), electrically erasable programmableread-only memory (EEPROM), flash memory or other memory technology,compact disc read-only memory (CD-ROM), digital versatile disks (DVD) orother optical disk storage, magnetic cassettes, magnetic tape, magneticdisk storage or other magnetic storage devices, or any other mediumwhich can be used to store the desired information and which can beaccessed by computer 810. Communication media typically embodiescomputer readable instructions, data structures, program modules orother data in a modulated data signal such as a carrier wave or othertransport mechanism and includes any information delivery media. Theterm “modulated data signal” means a signal that has one or more of itscharacteristics set or changed in such a manner as to encode informationin the signal. By way of example, and not limitation, communicationmedia includes wired media such as a wired network or direct-wiredconnection, and wireless media such as acoustic, radio frequency (RF),infrared and other wireless media. Combinations of any of the aboveshould also be included within the scope of computer readable media.

The system memory 830 includes computer storage media in the form ofvolatile and/or nonvolatile memory such as ROM 831 and RAM 832. A basicinput/output system 833 (BIOS), comprising the basic routines that helpto transfer information between elements within computer 810, such asduring start-up, is typically stored in ROM 831. RAM 832 typicallycomprises data and/or program modules that are immediately accessible toand/or presently being operated on by processing unit 820. By way ofexample, and not limitation, FIG. 8 illustrates operating system 834,application programs 835, other program modules 836, and program data837.

The computer 810 may also include other removable/non-removablevolatile/nonvolatile computer storage media. By way of example only,FIG. 8 illustrates a hard disk drive 841 that reads from or writes tonon-removable, nonvolatile magnetic media, a magnetic disk drive 851that reads from or writes to a removable, nonvolatile magnetic disk 852,a flash drive reader 857 that reads flash drive 858, and an optical diskdrive 855 that reads from or writes to a removable, nonvolatile opticaldisk 856 such as a CD ROM or other optical media. Otherremovable/non-removable, volatile/nonvolatile computer storage mediathat can be used in the exemplary operating environment include, but arenot limited to, magnetic tape cassettes, flash memory cards, digitalversatile disks, digital video tape, solid state RAM, solid state ROM,and the like. The hard disk drive 841 is typically connected to thesystem bus 821 through a non-removable memory interface such asinterface 840, and magnetic disk drive 851 and optical disk drive 855are typically connected to the system bus 821 by a removable memoryinterface, such as interface 850.

The drives and their associated computer storage media discussed aboveand illustrated in FIG. 8 provide storage of computer readableinstructions, data structures, program modules and other data for thecomputer 810. In FIG. 8 , for example, hard disk drive 841 isillustrated as storing operating system 844, application programs 845,program data 847, and other program modules 846. Additionally, forexample, non-volatile memory may include instructions to, for example,discover and configure IT device(s); the creation of device neutral userinterface command(s); combinations thereof, and/or the like.

A user may enter commands and information into the computer 810 throughinput devices such as a keyboard 862, a microphone 863, a camera 864,and a pointing device 861, such as a mouse, trackball or touch pad.These and other input devices are often connected to the processing unit820 through a user input interface 860 that is coupled to the systembus, but may be connected by other interface and bus structures, such asa parallel port, game port or a universal serial bus (USB). A monitor891 or other type of display device may also connected to the system bus821 via an interface, such as a video interface 890. Other devices, suchas, for example, speakers 897 and printer 896 may be connected to thesystem via peripheral interface 895.

The computer 810 is operated in a networked environment using logicalconnections to one or more remote computers, such as a remote computer880. The remote computer 880 may be a personal computer, a hand-helddevice, a server, a router, a network PC, a peer device or other commonnetwork node, and typically includes many or all of the elementsdescribed above relative to the computer 810. The logical connectionsdepicted in FIG. 8 include a local area network (LAN) 871 and a widearea network (WAN) 873, but may also include other networks. Suchnetworking environments are commonplace in offices, enterprise-widecomputer networks, intranets and the Internet.

When used in a LAN networking environment, the computer 810 is connectedto the LAN 871 through a network interface or adapter 870. When used ina WAN networking environment, the computer 810 typically includes amodem 872 or other means for establishing communications over the WAN873, such as the Internet. The modem 872, which may be internal orexternal, may be connected to the system bus 821 via the user inputinterface 860, or other appropriate mechanism. The modem 872 may bewired or wireless. Examples of wireless devices may comprise, but arelimited to: Wi-Fi and Bluetooth. In a networked environment, programmodules depicted relative to the computer 810, or portions thereof, maybe stored in the remote memory storage device. By way of example, andnot limitation, FIG. 8 illustrates remote application programs 885 asresiding on remote computer 880. It will be appreciated that the networkconnections shown are exemplary and other means of establishing acommunications link between the computers may be used. Additionally, forexample, LAN 871 and WAN 873 may provide a network interface tocommunicate with other distributed infrastructure management device(s);with IT device(s); with users remotely accessing the User InputInterface 860; combinations thereof, and/or the like.

Although the subject matter has been described in language specific tostructural features and/or methodological acts, it is to be understoodthat the subject matter defined in the appended claims is notnecessarily limited to the specific features or acts described above.Rather, the specific features and acts described above are disclosed asexample forms of implementing the claims.

In this specification, “a” and “an” and similar phrases are to beinterpreted as “at least one” and “one or more.” References to “an”embodiment in this disclosure are not necessarily to the sameembodiment.

Many of the elements described in the disclosed embodiments may beimplemented as modules. A module is defined here as an isolatableelement that performs a defined function and has a defined interface toother elements. The modules described in this disclosure may beimplemented in hardware, a combination of hardware and software,firmware, wetware (i.e. hardware with a biological element) or acombination thereof, all of which are behaviorally equivalent. Forexample, modules may be implemented using computer hardware incombination with software routine(s) written in a computer language(Java, HTML, XML, PHP, Python, ActionScript, JavaScript, Ruby, Prolog,SQL, VBScript, Visual Basic, Perl, C, C++, Objective-C or the like).Additionally, it may be possible to implement modules using physicalhardware that incorporates discrete or programmable analog, digitaland/or quantum hardware. Examples of programmable hardware include:computers, microcontrollers, microprocessors, application-specificintegrated circuits (ASICs), field programmable gate arrays (FPGAs), andcomplex programmable logic devices (CPLDs). Computers, microcontrollersand microprocessors are programmed using languages such as assembly, C,C++ or the like. FPGAs, ASICs and CPLDs are often programmed usinghardware description languages (HDL) such as VHSIC hardware descriptionlanguage (VHDL) or Verilog that configure connections between internalhardware modules with lesser functionality on a programmable device.Finally, it needs to be emphasized that the above mentioned technologiesmay be used in combination to achieve the result of a functional module.

Some embodiments may employ processing hardware. Processing hardware mayinclude one or more processors, computer equipment, embedded systems,machines a combination thereof, and/or the like. The processing hardwaremay be configured to execute instructions. The instructions may bestored on a machine-readable medium. According to some embodiments, themachine-readable medium (e.g. automated data medium) may be a mediumconfigured to store data in a machine-readable format that may beaccessed by an automated sensing device. Examples of machine-readablemedia include: magnetic disks, cards, tapes, and drums, flash memory,memory cards, electrically erasable programmable read-only memory(EEPROM), solid state drives, optical disks, barcodes, magnetic inkcharacters, a combination thereof, and/or the like.

While various embodiments have been described above, it should beunderstood that they have been presented by way of example, and notlimitation. It will be apparent to persons skilled in the relevantart(s) that various changes in form and detail can be made thereinwithout departing from the spirit and scope. In fact, after reading theabove description, it will be apparent to one skilled in the relevantart(s) how to implement alternative embodiments. Thus, the presentembodiments should not be limited by any of the above describedexemplary embodiments. In particular, it should be noted that, forexample purposes, the presently described embodiments are discussed withrespect to a data center. However, one skilled in the art will recognizethat embodiments may be employed to other collections of IT devicesover, for example, a distributed network not confined by a single datacenter, a small collection of IT devices in an Intranet, combinationsthereof, and/or the like.

In addition, it should be understood that any figures that highlight anyfunctionality and/or advantages, are presented for example purposesonly. The disclosed architecture is sufficiently flexible andconfigurable, such that it may be utilized in ways other than thatshown. For example, the steps listed in any flowchart may be re-orderedor only optionally used in some embodiments.

Further, the purpose of the Abstract of the Disclosure is to enable theU.S. Patent and Trademark Office and the public generally, andespecially the scientists, engineers and practitioners in the art whoare not familiar with patent or legal terms or phraseology, to determinequickly from a cursory inspection the nature and essence of thetechnical disclosure of the application. The Abstract of the Disclosureis not intended to be limiting as to the scope in any way.

Finally, it is the applicant's intent that only claims that include theexpress language “means for” or “step for” be interpreted under 35U.S.C. 112. Claims that do not expressly include the phrase “means for”or “step for” are not to be interpreted under 35 U.S.C. 112.

What is claimed is:
 1. A process comprising: a) receiving remoteinstructions at a remote computing device from a requesting devicethrough a firewall, the remote computing device residing in a secureddata center, the receiving accomplished at least in part by employingaccess credentials presented by the requesting device, the remoteinstructions and access credentials formed as a result of the requestingdevice: i) making a request to an assistant computing device to query adataset in communication with the remote computing device; ii) receivingencrypted access credentials and encrypted remote instructions from theassistant computing device, the encrypted access credentials configuredto allow the requesting computing device to access the remote computingdevice, the encrypted remote instructions configured to enable theremote computing device to execute at least one of the following: (1) atleast one data query; or (2) at least one data manipulation; iii)decrypting the encrypted access credentials to obtain accesscredentials; iv) decrypting the encrypted remote instructions to obtainremote instructions; b) executing the remote instructions to generatequery results; c) communicating the query results to the requestingdevice.
 2. The process according to claim 1, wherein the requestingcomputing device and the assistant computing device are configured tocommunicate via an external network.
 3. The process according to claim1, wherein the requesting computing device and the assistant computingdevice are configured to communicate via a wide area network WAN.
 4. Theprocess according to claim 1, wherein the requesting computing deviceand the assistant computing device are configured to communicate via avirtual private network (VPN) connection.
 5. The process according toclaim 1, wherein the assistant computing device comprises a server. 6.The process according to claim 1, wherein the remote computing devicecomprises a server.
 7. The process according to claim 1, wherein theremote computing device is only electronically accessible through afirewall.
 8. The process according to claim 1, wherein the remotecomputing device is only electronically accessible through a securityappliance.
 9. The process according to claim 1, wherein the processfurther comprises downloading interface instructions.
 10. The processaccording to claim 1, wherein the process further comprises downloadinga software appliance.
 11. The process according to claim 1, wherein thephysically secured data center is only electronically accessible througha firewall.
 12. The process according to claim 1, wherein the physicallysecured data center is only electronically accessible through a securityappliance.
 13. The process according to claim 1, wherein the encryptedaccess credentials are further configured to comprise at least one ofthe following: a) remote login instructions; b) remote computing deviceinformation name; c) remote computing device login password; d) remotecomputing device port number; e) remote computing device data storename; f) remote computing device login name; g) secured data centerinformation name; h) secured data center access password; i) secureddata center port number; j) secured data center login name; or k) acryptographic key.
 14. The process according to claim 1, wherein thedataset comprises at least one of the following: a) a relationaldatabase dataset; b) a non-relational database dataset; c) a web servicequery responsive dataset; d) an application specific query responsivedataset; e) a comma-separated-values (CSV) dataset; f) a spreadsheetdataset; or g) a plain text dataset.
 15. The process according to claim1, wherein the dataset is located, at least in part, on a networkaccessible drive.
 16. The process according to claim 1, wherein thedataset is located, at least in part, within the remote computingdevice.
 17. The process according to claim 1, wherein the processfurther comprises employing at least one of the following whendecrypting the encrypted access credentials: a) a symmetric cypher; orb) an asymmetric cypher.
 18. The process according to claim 1, whereinthe process further comprises employing at least one of the followingwhen decrypting the encrypted remote instructions: a) a symmetriccypher; or b) an asymmetric cypher.
 19. The process according to claim1, wherein the process further comprises employing at least one of thefollowing when encrypting the query results: a) a symmetric cypher; orb) an asymmetric cypher.
 20. The process according to claim 1, whereinthe report further comprises additional information, the additionalinformation comprising at least one of the following: a) logic; b)trending information; c) template information; d) intelligenceinformation; e) benchmark information; f) data quality information; g)decision support information; or h) data analysis information.
 21. Theprocess according to claim 1, wherein the report is configured to beaccessed via a browser.